CVE-2017-6866

Published: Aug 7, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.

Affected (2)

Products: Siemens: Xhq Server

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Xhq Server	Up to 4.7.1.2
Siemens Xhq Server	Up to 5.0.0.1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://www.securityfocus.com/bid/99247

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf

Source: productcert@siemens.com

Vendor Advisory

http://www.securityfocus.com/bid/99247

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.